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1. INTRODUCTION 

With the increasing race towards offering quality delivery of software projects, the software 
development team in various IT industries is in continuous exploration process for such effective 
development methodologies. At present there are various standard software development 
methodologies [1], [2] as well as quality standard [3], [4] that are considered to be technological boon for 
every project development team. One of the techniques to ensure an effective software development practices 
is to ensure higher degree of risk control measures that calls for an effective risk management [5]. Basically, 
a risk management in software development industry is all about considering all sorts of possible factors that 
could degrade the product quality or invite some unfortunate challenges in near future during the 
development period that could possible cost some tangible resources [6], [7]. 

There are various literatures e.g. [8], [9] which states that various standard risk management models, 
frameworks, practices, etc are already existing. Inspite of this, there is always an unprecedented fear of risk 
due to following reason e.g. change of management, policy alternation, skill gap, employee attrition, 
requirement volatility, sudden adoption of unknown technology etc. Basically, there are various types of risk 
factors where some are quite known i.e. deterministic form while some of absolutely unknown. In the first 
type of risk, the team is completely aware of the risk and has all the chances to ensure an effective control of 
the risk. However, still various factors e.g. time involved in controlling the risk, resource involved, cost etc 
are some factors that are also to be considered while mitigating such forms of risk. 

Unfortunately, the second form of risk factor is something that the software development team as 
well as stakeholder has absolutely no pre-defined information or clue about the form of the risk. It is a direct 
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indication of involvement of uncertainty factor in the risk management. There are various studies where 
uncertainty problems [10], [11] have been discussed as the most challenging problem with respect to 
computational model. It is because such forms of problems cannot be mathematically formulated as variables 
corresponding to the problems cannot be discretely defined. Hence, an effective risk management actually 
suffers from such forms of problems where there is absolutely no benchmarked model or solution in order to 
assists such computationally challenging problems. 

One way to develop such model will be to take a case study and define various constraints 
appropriate to case study and perform different forms of iterations to check how the model behaves in risk 
evaluation. Hence, adoption of different optimization algorithms [12], [13] are highly recommended in this 
case as they could offer a good balance between constraint satisfaction as well as minimize the occurances of 
risk. However, while doing such design approach, it calls for various rounds of iteration where some rounds 
of iterations could be sufficiently big just in order to obtain an elite outcome. Such approaches may be 
completely unpractical even if they offer good outcomes. Therefore, there is a need to design and develop an 
efficient computational model that is capable of controlling the risk factor to a good extent that is applicable 
in practical life [14]-[16]. 

This research paper introduces one such dedicated attempt where a simple and cost effective 
modeling is carried out using analytical methodology in order to compute the practical form of risk as well as 
to ensure the accuracy in it. The secondary research objective is to offer reliable outcome of risk computation 
with an aid of machine learning approach. The tertiary research objective of this paper is to ensure a good 
computational model that could take the real-time constrainsts as input and offer reliable risk evaluation to 
assists stakeholders for formulating countermeasures. Section 1.1 discusses about the existing literatures 
towards risk management followed by discussion of research problems in Section 1.2 and proposed solution 
in 1.3. Section 2 discusses about algorithm implementation followed by discussion of result analysis in 
Section 3. Finally, the conclusive remarks are provided in Section 4. 


1.1. Background 

This section discusses about the existing literatures studies towards risk management as an extension 
to our prior review work [17]. Discussion towards importance of risk as critical system was put forward by 
Laplante and DeFranco [18], Lutz and Huang [19]. A comparative illustration of diferent risk frameworks 
have been discussed by Pasha et al. [20]. It has been seen that risk management offers complementart 
benefits while exercised on existing quality standards. 

The study of Albadarneh et al. has discussed a case study of agile methodology with respect to its 
significant benefits [21]. Sundararajan et al. have investigated towards the large scale of project development 
for assessing the risk associated with it [22]. Literatures have also witnessed implications of decision making 
towards risk management as seen in work of Aslam et al. [23]. Importance of similar practices of risk 
analysis towards agile methodology was also found supported in the work of Elbanna and Sarker [24]. 
Batbayar et al. [25] have presented a study where statistical tool has used for assessing risk along with 
applying fuzzy logic. The studies also shows that risk associated with the software design patterns can be also 
assessed for their risk factor using specific bound approach as reported by Bernardi et al. [26]. Adoption of 
modeling approach for using social and technical system has been proven to improve the software design as 
well as offer better risk management as reported by Bider and Otto [27]. Similar form of research work has 
been also reported by Chadli et al. [28]. 

Literatures have also introduced integrated-based approach where joint implementation of different 
forms of discrete process is found to assists in minimizing occurances of risk. This fact was discussed by 
Janjua et al. [29]. Work of Kendall et al. [30] have introduced a practical centric methodology for an 
effective governance of risk factor. Lueddemann et al. [31] have presented an experimental-based approach 
for assessing standard ISO risk associated with clinical devices. Pietrantuono et al. [32] have presented 
architecture for ensuring effective software reliability. 

Adoption of probabilistic-based approach was reported to minimize the complexiy associated with 
evaluation of risk associated with medical devices. This fact was further found advocated in the work of Rao 
et al. [33], [34] that inclines towards identification of risk factor. Study towards taxonomies of risk 
management was discussed by Reyes et al [35]. Adoption of evolution technqiues are also reported to offer 
better management and control of risk during the software project development. This fact was discussed by 
Sarro et al. using multi-objective based approach in order to incorporate adaptivity in their design [36]. 
Usage of software intelligence was investigated by Susarev et al. in order to study about the safety factors 
essential for essential software management [37]. There exists various forms of research-based studies 
towards risk management but very less models are found to be investigated from the viewpoint of software 
engineering. Moreover, very less computational model with significant benchmarking has been reported. The 
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next section outlines the research problems that are arrived from reviewing the existing approach towards 
software risk management. 


1.2. The Problem 
The significant research problems are as follows: 
a. Existing research work are more theoretical / conceptualized model and lacks computational 
modeling aspect with respect to analytical solution approach. 
b. Undertaking of real-time risk factor and formulating it in analytical modeling is less witnessed in 
existing approach that reduces the applicability of claimed success of model. 
c. There is no major optimization technqiues implemented over software engineering with many of 
them are found not to focus on reducing the iteration. 
d. More inclination towards modeling aspect and less towards exploring the applicability of the 
modeling in real-time scenario. 

Therefore, the problem statement of the proposed study can be stated as “Developing a cost effective 
computation model to offer a precise evaluation of the critical risk factor for the given set of operational data 
with reliable predictive performance is quite challenging task’. The next section discusses about the 
proposed methodology used to countermeasure the above stated research problem. 


1.3. The Proposed Solution 

The proposed work is basically an extension of the our prior design approach called as 3LRM [38] 
where the present work focuses on optimizing the performance of the computing risk factor involved in 
software engineering. The architecture of the proposed PORM is shown in Figure 1. 
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Figure 1. Proposed Architecture of PORM 


The implementation of the proposed system is carriedout considering analytical research 
methodology where the emphasis is rendered on developing the inputs associated with the real-time 
development scenario in any IT organization with respect to its software projects. The proposed system takes 
four different forms of inputs e.g. i) development expenditures per software projects (rı), ii) total number of 
allocated software projects per employee (r2), iii) allocated development duration for each projects on an 
employees (r3), and iv) uncertainty factor (r4). The first three inputs (i.e. rı, r2, and r3) can be captured from 
any real-time statistics of an organization while the fourth input .i.e. r4 is randomly initialized. 

The proposedsystem applies neural network and explicitely uses two different non-linear 
optimization functions while performing training over its hidden layer in order to obtain better form of 
outcome associated with risk. After the training process is accomplished, the proposed system offers 
numerical evaluation of the risk factor associated with the case study of an organization given. This outcome 
is of higher importance for any stakeholders of an organization so that they can formulate an effective 
decision for resisting an upcoming risk event. The undertaking of decision is further concretized by check the 
accuracy value of the proposed prediction operation followed by convergence test for an effective validation. 
The complete study outcome is assessed with respect to the performance parameters that are standardized in 
the area of software engineering and still used in the industry in order to assess the software quality. The next 
section illustrates about the algorithm implementation for the above discussed methodology. 
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2. ALGORITHM IMPLEMENTATION 

The prime purpose of this algorithm is to design and develop an algorithm that bears the capability 
for precisely computing risk for a given state of information associated with the methodology adopted for 
software project development cycle. The algorithm construction is basically carried out in two phases where 
the first phase concentrates in computation of risk factor and second phase concentrates on computing the 
amount of reliability score associated with the computation. The proposed PORM system also applies 
machine learning in order to carry out predictive optimization operation. The algorithm takes in the input of r 
(risk assessment data) that after processing yields Raeg (Degree of Risk). The steps of the proposed algorithm 
are as follows: 


Algorithm for Computing Risk Factor 
Input: r (risk assessment data) 
Output: Raeg (Degree of Risk) 


Start 
1. init r 
2. A> filin), BO fiCout) 
3. For i=1:n; 
4 = Ta (i) — a) 
"O a-a (i-e 
5. End 
6. For i=1:n2 
Te hey, En Tau D- LÒ 
“  BO-B,@O+e 
8. End 
9. For i=1:n3 
10. Tyg =P D+ BO 
11.End 
12. racegPfi(Cou-T out) 
End 


The description of the above algorithm is as follows: The input of this algorithm is basically 
represented as r (risk assessment data) which is considered to be consisting of i) development expenditures 
per software projects (rı), ii) total number of allocated software projects per employee (r2), iii) allocated 
development duration for each projects on an employees (r3), and iv) uncertainty factor (r4). A data in the 
form of .csv file is collected from a case study and is considered as an input (Line-1). The next part of the 
implementation is associated with processing the inputs correctly. For this purpose, a function fi(x) is 
constructed that extract the minimum and maximum value of its input arguments rin and rou that represents 
the input and output arguments respectively (Line-2). A look is constructed for all the values of the input 
arguments nı (Line-3) and therefore the value of n1 is 4 i.e. r={ rı, 12,r3,r4}. It should be understood that r is a 
raw data and hence, it is essential to carry out normalization in order to ease down the computation process of 
optimization. The proposed algorithm computes the normalized input rin (Line-4) using a simplified 
empirical expression as follows: 


T, (i) - a(i) (1) 


‘a,(i)-a,()-¢ 


In the above expression, the computation of the normalized input associated with the risk factor is 
computed. The dependable variables used in the expression are w (weight), rin initial risk input element 
corresponding to i" element, where i<nj, a (primary input corresponding to same i™ element of higher / lower 
order i.e. a2 and a)respectively), and a statistical constant c. Almost similar mechanism is continued for 
computing the normalized output (rout) using the following expression 


prep Fou) — BO (2) 
A-L À+ce 
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The proposed study considers that there are two outcomes of study i.e. i) Quantized Risk and ii) 
Predictive Accuracy. In the above expression, the dependable variables are row initial risk output and B 
(primary output corresponding to same i” element of higher / lower order i.e. B2 and Birespectively). It also 
uses same weight and statistical constant (Line-7). The above two empirical expression significant assists to 
extract the normalized input and output of the risk factor in most computationally efficient manner as it 
involves faster time of extraction with reducing the dependencies of reading massive elements of the raw 
database of the risk management within an organization. This process is a stepping stone of optimization 
where without involving any extra resources, the proposed system is attempting to obtain better numerical 
values with higher degree of accuracy and reliability. The last phase of the algorithm implementation again 
constructs a loop with iteration restricted to n3 that corresponds to number of outcomes i.e. 2 for the proposed 
system. The expression introduced for computing the test outcome of the proposed system is as follows: 


T- 
Pasi a E (BD) -BONFBO (3) 


However, it is interesting to understand the formulation of the test-outcome Tou (Line-10) that 
finally leads to applying similar function f(x) offer the difference of rou normalized output of risk with Tout 
test outcome in order to obtain raeg degree of risk (Line-12). The computation of the test outcome is carried 
out in an explicit manner with involvement of the neural network-based predictive operation. The steps of the 
algorithm are as follows: 


Algorithm for Optimization and Computing Test Outcome 

Input: s (size of network), rin/rout (normalized input and output of risk factor) 
Output: Tou (validated test outcome 

Start 

1. init s 

2. YP fi(Tin) 

3. u>1(7, s, ©) 

4. p> fU, Tin, Tout) 

5. Tour f3(U, Tin) 

End 


As the algorithm implements neural network, it is essential that it should posses an effective 
dimension of its network (consisting of input, hidden, and output layer). The variable s represents size of the 
network followed by implementation of similar function fi(x) considering the input argument of normalized 
input i.e. rin (Line-2). The proposed system than applies a feed forward backpropagation function t 
considering the input arguments of sort out normalized input value obtained from Line-2, size of the network, 
and non-linear function œ. The application of the feed forward function t assists in forming a network that is 
trained in one-direction and is completely independent on formation of any kinds of computational loops. 
The proposed optimization is also carried out by considering two non-linear optimization process i.e. tansig 
and purelin. The tansig is basically a form of transfer function that is responsible for computing the output of 
a layer for a given value of input layer. The numerical outcome of this function is equivalent to hyperbolic 
function of tangent. The purelin function is another form of transfer function used Figure 2. 
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Figure 2. Graphical Representation of purelin and tansig Functions 
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The algorithm implements a defined training process f(x) considering the input arguments of 
network u and normalized input/output variables i.e. rin / Tou (Line-4). Finally, an aggregate function f2(x) for 
simulating the neural network model is implemented and applied over the training network i.e u and 
normalized input value of the risk factor rin (Line-5). This numerical assessment of this model is carried out 
by calculating the Tou obtained by considering the network generated considering the rin (where rin=f1, r2, r3, 
and r4) well-defined by numerical attributes of its elements. Therefore, the proposed optimization model 
offers a significant information about the risk factors considering the ner-real world numerical values 
associated with 4 variables of risk. However, the last risk variable i.e. r4 is considered as 1 that is highest 
value of probability to perform an investigation of its impact on risk anlaysis. The next section outlines the 
results obtained by implementing the proposed predictive optimization technique. 


3. RESULT ANALYSIS 

The implementation of the proposed PORM system is carried out using MATLAB where the 
algorithm implemented in prior section has been executed under various test-cases associated with initialized 
value of risk factor r. The proposed implement programmatically controls the different value of ri, r2, r3, and 
14 followed by usage of neural network toolbox for assessing the outcome of the predictive optimization. 

The complete assessment of the study outcome is carried out considering the numerical values as 
shown in Table 1. The PORM system takes the 4 different types of input of risk rin i.e. i) development 
expenditures per software projects (rı), ii) total number of allocated software projects per employee (r2), iii) 
allocated development duration for each projects on an employees (r3), and iv) uncertainty factor (r4). After 
applying function fi(x), the numerical outcomes are shown as minimum and maximum values in 3“ and 4% 
column of the above table. The proposed system also uses a scaling factor for further normalizing the 
numeric for better convergence outcome. 

Figure 3 shows the graphical outcome of the convergence test, where it can be observed that curve 
for trainng (obtained from numerical outcome of PORM) as well as best fit just overlaps each other showing 
a good aggrement with the proposed system. It shows that porposed mechanism of computing risk factor is 
highly reliable mathematically for a given scenario of constraints (i.e. rin). The best part of the study outcome 
is that it is completely free from higher ranges of iterative operation as it just need3-4 iterations in order to 
obtain reliable outcome of risk factor. An interesting factor to observe from Figure3(a) and Figure3(b) is that 
the proposed system minimizes the final epoch of 4011 to 2178 out of total of 20,000 epoch, which directly 
means that irrespective of any total number of initialized epoch, the proposed system performs optimization 
at the cost of extremely reduced number of epoch thereby exhibiting highly reduced dependencies of 
computational resources. 


Table 1 Summary of Numerical Values of Parameters of PORM 


Parameters Parameter Min-Value Max- Value Scale Factor 
Tin Tı 0.3 0.5 0.7 
T2 2 3 4 
T3 1 3 3 
T4 1 4 4 
Tout Touti 0.6 0.8 1.3 
Tout2 4.9 13.8 18.7 


The study outcome of the proposed PROM system has been compared with the existing system. The 
procedure adopted are:-the hypothesis of the proposed system concerning about risk factor is truelly 
associated with the software engineering field where there are multiple performance parameers required to 
assess any software design. The proposed system considers 5 frequently adopted software paramaters e.g. 
PF-1 (Weighted Method per Class), PF-2(Response for Classes), PF-3 (Depth of Inheritance Tree), PF-4 
(Coupling Between Objects), and PF-5 (Number of Childern). These are the standard metric that controls the 
quality of software design and degradation in any of these quality factors would call for risk factor. Hence, 
the study selects the work carried out by Zhou and Lenug [39] and performs comparison with each other. The 
outcomes are discussed with respect to the performance metric: 

a. Analysis of PF-1 (Weighted Method per Class): As children will inherit maximum number of methods 
for a given class and greater value of it will act as an impediement towards single design usage of 
software design that may be obsolete in future. Hence, lower value of RF-1 shown by PORM shows that 
proposed system offers good design reuse flexibility. 
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b. Analysis of PF-2 (Response for Classes): Higher value of this performance metric will only invite 
higher computational effort of debugging and hence result in complexity. It can be seen that PORM 
offers highly reduced complexity in this case. 

c. Analysis of PF-3 (Depth of Inheritance Tree): Higher value of this performance metric will call for 
higher inheritance making the software deisgn more unpredictable and more complex. Hence, lower 
value of this performance metric on PROM shows better outcome. 

d. Analysis of PF-4 (Coupling Between Objects): Increased value of it will only mean increase 
maintainance which is absolutely not cost effective. Therefore, proposed PORM offers cost effective 
optimization outcome. 

e. Analysis of PF-5 (Number of Childern): Increased value of these metric calls for challenge in obtaining 
inefficient abstraction by the parent class that results in increasing design complexity. Hence, PROM 
doesn’t offer any such complexity. 

Apart from this, the proposed system consumes 0.23354 seconds while existing system took 1.87762 seconds 

of computational time. Hence, in every respect, the proposed system can be said to offer better predictive 

performance of optimization in software engineering. 
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(a) Analysis For 4011 Epoch 


Best Training Performance is 2.7811e-05 at epoch 2178 


Mean Squared Error (mse) 
nw 


= 
i= 
h 


4 


0 500 1000 1500 2000 


2178 Epochs 


(b) Analysis For 2178 Epoch 


Figure 3. Outcome of Convergence Analysis 
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Figure 4. Comparative Analysis 


4. CONCLUSION 


The main idea of this paper is to introduce a concept that an analytical modeling could be designed 


for overcoming the research problem associated with risk manegment. Well, risk management is a very vast 
concept and the problems associated with its also voluminous. This is also one of the reason that why the 
existing research-based approaches doesn’t encapsulate all the problems. After reviewing existing approaches, 
it was found that problems originated from the uncertainty factor of risk are found not to be addressed and 
hence this proposed PORM is designed exclusively to address this problem. The study outcome shows that 
proposed PORM offers good convergence behaviour proving the technical correctness of the proposed concept 
and it also proved to be computationally cost effective as it has extremely very less iteration involvement as 
well as it offers faster processing time. Apart from this, the outcome of comparative analysis also proved that it 
could successfully upgrade the software quality apart from the risk-related problems. 
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